Burp Suite User Forum

Allowing all hosts through SSL passthrough except one?

Username | Last updated: Jul 31, 2020 07:36PM UTC

Any way to allow all hosts through SSL passthrough except one, say "hostname"? I tried this Regex: ^((?!hostname).)*$ Now everything passes through, but also including "hostname". I want hostname to *not* passthrough. Thanks!

Uthman, PortSwigger Agent | Last updated: Aug 03, 2020 08:51AM UTC

Hi,

Have you tried the below?

^(?!hostname).*$

Username | Last updated: Oct 15, 2020 12:52PM UTC

Hello, Sorry for the delayed response here. I just tried that, and it had the same effect. Say I put one ssl passthrough regex, ^(?!google).*$ -- Now if I type google.com into my browser, it will show up in the http history because the first time you type it in, it is not through SSL (just http://google.com appears). But if I then type in a search so the URL is now https://www.google.com/search?[whatever], this URL will not find its way into the http history, because it is being passed through SSL. With this one rule in place, the above behaviour now works with any hostname. So if I typed msn.com into the browser, it'd show up, but then any SSL traffic gets passed through. The goal is to have the site I'm testing (say, google.com) and *all* its SSL traffic be captured, while all the other sites are ignored. I hope I am making sense!

Uthman, PortSwigger Agent | Last updated: Oct 15, 2020 01:20PM UTC

Thanks for clarifying. Have you considered setting the Target > Scope at the beginning of the project? That should drop all out of scope traffic.

Username | Last updated: Oct 15, 2020 10:14PM UTC

Thanks for the fast reply!! Excited to potentially get this solved. Using Target>Scope removes out of scope traffic from the history, but does *not* allow them to pass through SSL. So now other apps on the device that require SSL passthrough do not function. The target scope looks perfect if I could somehow apply it to the SSL passthrough to say "pass through everything *except* this"

Hannah, PortSwigger Agent | Last updated: Oct 28, 2020 10:58AM UTC

Hi,

I'm really sorry for such a late reply. We've had some success using:

^(?!portswigger-labs\.net$)
^443$

when testing with portswigger-labs.net. Could you give that a go with your target?
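
Added example, not part of the original thread and not PortSwigger's code: a small Python check of which hosts the patterns quoted above would leave for the proxy to intercept, showing that a lookahead anchored at `^` only excludes hosts that begin with the target name. It assumes the host and port patterns are applied as an unanchored search and that both must match; `exclude_domain` is a hypothetical helper and the sample hosts are constructed.

```python
import re

# Host and port patterns quoted in the thread.
ANCHORED = r"^(?!google).*$"               # from the Oct 15 post
EXACT = r"^(?!portswigger-labs\.net$)"     # from the Oct 28 reply
PORT_443 = r"^443$"                        # from the Oct 28 reply


def exclude_domain(domain):
    """Hypothetical helper: host regex matching everything except
    `domain` and any subdomain of it."""
    return r"^(?!(?:.*\.)?" + re.escape(domain) + r"$)"


def passes_through(host_re, port_re, host, port):
    """True when a connection would match the pass-through rule.
    Assumption: host and port patterns are each searched (not full-matched),
    case-insensitively for the host, and both must match."""
    return (re.search(host_re, host, re.IGNORECASE) is not None
            and re.search(port_re, str(port)) is not None)


def intercepted(host_re, hosts, port=443, port_re=PORT_443):
    """Hosts from `hosts` that the rule leaves for the proxy to intercept."""
    return [h for h in hosts if not passes_through(host_re, port_re, h, port)]


# Constructed sample hosts, not taken from the thread.
GOOGLE_HOSTS = ["google.com", "www.google.com", "msn.com"]
LAB_HOSTS = ["portswigger-labs.net", "www.portswigger-labs.net",
             "notportswigger-labs.net", "msn.com"]

if __name__ == "__main__":
    # Only the bare name is excluded; www.google.com still passes through.
    print(intercepted(ANCHORED, GOOGLE_HOSTS))
    # The trailing $ limits the exclusion to the exact host name.
    print(intercepted(EXACT, LAB_HOSTS))
    # Excluding the domain and its subdomains, but not look-alike names.
    print(intercepted(exclude_domain("portswigger-labs.net"), LAB_HOSTS))
    # A port that does not match ^443$ is never passed through by this rule.
    print(intercepted(EXACT, LAB_HOSTS, port=8443))
```
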
